Softhost
🇿🇦 POPIA Compliance

POPIA Compliance

Softhost is committed to full compliance with the Protection of Personal Information Act, 2013 (POPIA). This page explains your rights and how we protect your personal information.

Last updated: June 2026

🏛️

Lawful Processing

We process data only on valid legal grounds.

🎯

Purpose Limitation

Data collected only for specific, defined purposes.

🔒

Data Security

Appropriate safeguards protect all personal data.

👤

Your Rights

You can access, correct, or delete your data.

01

What is POPIA?

The Protection of Personal Information Act, 2013 (POPIA) is South Africa's primary data protection legislation. It gives effect to the constitutional right to privacy and regulates how organisations collect, process, store, and share personal information.

POPIA came into full effect on 1 July 2021 and applies to all organisations operating in South Africa that process personal information of South African residents.

POPIA is enforced by the Information Regulator of South Africa, an independent body established under the Act.

Our Commitment

Softhost is fully committed to POPIA compliance. We have implemented policies, procedures, and technical measures to ensure that all personal information we process is handled lawfully, fairly, and transparently.

02

Responsible Party & Information Officer

Under POPIA, the Responsible Party is the entity that determines the purpose and means of processing personal information. Softhost's Responsible Party details are:

Responsible Party Softkings IT Solutions (Pty) Ltd
Trading As Softhost
Address 217 Pretorius Street, Pretoria, Gauteng, South Africa
Email popia@softhost.co.za
Website www.softhost.co.za
03

POPIA Conditions We Follow

POPIA establishes eight conditions for lawful processing. We adhere to all eight:

Accountability
We take responsibility for ensuring POPIA compliance across our organisation.
Processing Limitation
We collect only the minimum personal information necessary for our stated purpose.
Purpose Specification
We collect data for specific, explicitly defined, and lawful purposes.
Further Processing
We do not use data for purposes incompatible with the original collection purpose.
Information Quality
We take steps to ensure personal information is accurate, complete, and up to date.
Openness
We are transparent about how we collect and use personal information.
Security Safeguards
We implement appropriate technical and organisational security measures.
Data Subject Participation
We respect your rights to access, correct, and delete your personal information.
04

What Personal Information We Process

We process the following categories of personal information:

👤

Identity Data

Full name, ID number, date of birth, company registration details.

📧

Contact Data

Email address, phone number, physical and postal address.

💳

Financial Data

Payment information, banking details (processed securely via payment gateways), invoice history.

🌐

Technical Data

IP address, browser type, device identifiers, login timestamps.

📋

Account Data

Username, service preferences, order history, support interactions.

📞

Communication Data

Emails, support tickets, chat logs, call recordings (where applicable).

05

Why We Process Personal Information

We process personal information for the following lawful purposes:

  • Providing, managing, and delivering our services to you.
  • Processing payments and managing your billing account.
  • Communicating with you about your account, services, and support requests.
  • Complying with legal and regulatory obligations under South African law.
  • Detecting, preventing, and investigating fraud or security incidents.
  • Improving our services, products, and customer experience.
  • Sending service-related notifications and updates.
06

Special Personal Information

POPIA places heightened protections on certain categories of sensitive personal information, including race, health data, religious beliefs, political opinions, trade union membership, criminal records, and biometric data.

Softhost does not routinely collect special personal information. Where it is necessary to process such information (e.g. for identity verification purposes), we will obtain your explicit consent and implement additional safeguards.

07

Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

🔍

Right of Access

Request a copy of the personal information we hold about you (Section 23).

✏️

Right to Correction

Request correction or deletion of inaccurate, irrelevant, or outdated information (Section 24).

🚫

Right to Object

Object to the processing of your personal information in certain circumstances (Section 11(3)).

📦

Right to Portability

Receive your personal data in a commonly used format where technically feasible.

↩️

Right to Withdraw Consent

Withdraw consent at any time where processing is based on your consent.

⚖️

Right to Complain

Lodge a complaint with the Information Regulator if you believe your rights have been violated.

To exercise any of these rights, submit a written request to popia@softhost.co.za. We will respond within 30 days as required by POPIA.

08

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

Billing & Financial Records 5 years As required by South African tax legislation.
Account & Service Records 3 years after account closure For dispute resolution and legal compliance.
Support Communications 2 years For quality assurance and dispute purposes.
Technical & Security Logs Up to 12 months For security monitoring and diagnostics.

Once the retention period expires, personal information is securely deleted or anonymised.

09

Cross-Border Transfers

In some cases, personal information may be transferred to or processed in countries outside South Africa (e.g. when using international cloud infrastructure or third-party platforms).

Where personal information is transferred cross-border, we ensure that:

  • The recipient country has adequate data protection laws, or
  • The recipient has agreed to binding data protection obligations equivalent to POPIA, or
  • You have consented to the transfer.
10

Security Measures

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, destruction, or disclosure:

  • SSL/TLS encryption for all data in transit.
  • Encrypted storage for sensitive data at rest.
  • Role-based access controls limiting data access to authorised personnel only.
  • Regular security assessments, penetration testing, and vulnerability scanning.
  • Staff awareness training on data protection and information security.
  • Incident response procedures for detecting and responding to data breaches.
11

Data Breaches

In the event of a data breach that is likely to result in harm to data subjects, Softhost will:

  • Notify the Information Regulator as soon as reasonably possible after becoming aware of the breach.
  • Notify affected data subjects where the breach poses a risk to their rights and freedoms.
  • Take immediate steps to contain and remediate the breach.
  • Maintain a record of all data breaches and our response actions.

If you believe your personal information has been compromised, please contact us immediately at popia@softhost.co.za.

12

Contact & Complaints

For any POPIA-related queries, requests, or concerns, contact our Information Officer:

Information Officer — Softhost

Email: popia@softhost.co.za

Address: 217 Pretorius Street, Pretoria, Gauteng, South Africa

Information Regulator of South Africa

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator:

Website: www.inforegulator.org.za

Email: inforeg@justice.gov.za

Tel: +27 (0)10 023 5207

Questions about POPIA compliance?

Our Information Officer is available to assist with any data protection queries.

Email Information Officer